Human
Machine
REPRO-2026-00110 HIGH RCE
Verified
Deno Command Injection via Incomplete Metacharacter Blocklist
deno (rust) Feb 20, 2026
What's the vulnerability?
A command injection vulnerability exists in Deno's node:child_process implementation.
Root Cause Analysis
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00110 or
pruva-verify GHSA-hmh4-3xvx-q5hr or
pruva-verify CVE-2026-27190 Install:
curl -fsSL https://pruva.dev/install.sh | sh Or Run Manually
1
Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00110/artifacts/repro/reproduction_steps.sh 2
Make executable
chmod +x reproduction_steps.sh 3
Run the script
./reproduction_steps.sh Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Loading session...
Artifacts
repro/rca_report.md4.1 KBrepro/reproduction_steps.sh2.1 KBbundle/source.json3.9 KBbundle/ticket.json6.3 KBbundle/ticket.md1.8 KBrepro/poc.mjs1.0 KBlogs/final_variant_test.log2.9 KBlogs/result.txt0.0 KBlogs/run1.log0.4 KBlogs/run2.log0.4 KBlogs/variant_1_vuln.log0.1 KBlogs/variant_result.txt0.0 KBlogs/variant_test.log0.8 KB